@sap/eslint-plugin-cds/lib/rules/auth-no-empty-restrictions.js

ESLint plugin including recommended SAP Cloud Application Programming model and environment rules

'use strict'

const AUTH_ANNOTATIONS = [ '@restrict', '@requires' ]

module.exports = {
  meta: {
    schema: [{/* to avoid deprecation warning for ESLint 9 */}],
    docs: {
      description: '`@restrict` and `@requires` must not be empty.',
      category: 'Model Validation',
      recommended: true,
      url: 'https://cap.cloud.sap/docs/tools/cds-lint/rules/auth-no-empty-restrictions',
    },
    messages: {
      missingRestriction: 'No explicit restrictions provided on {{kind}} `{{name}}` at `{{label}}`.',
    },
    type: 'problem',
    model: 'inferred'
  },
  create (context) {
    return {
      entity: checkRestrictions,
      service: checkRestrictions,
      action: checkRestrictions,
      function: checkRestrictions,
    }

    function checkRestrictions (e) {
      for (const anno of AUTH_ANNOTATIONS) {
        if (isEmptyRestriction(e[anno])) {
          context.report({
            messageId: 'missingRestriction',
            data: { kind: e.kind, name: e.name, label: anno },
            node: context.getNode(e),
            file: e.$location.file
          })
        }
      }
    }
  }
}

/**
 * Checks if the given annotation value is an empty restriction.
 * Examples which would return `true`:
 *   ```
 *   @requires: ''
 *   @requires: ['']
 *   @restrict: [ { to: '' } ]
 *   @restrict: [ { to: [''] } ]
 *   ```
 *
 * @param {*} obj
 * @returns {boolean}
 */
function isEmptyRestriction(obj) {
  if (typeof obj === 'string')
    return obj === ''
  if (Array.isArray(obj))
    return obj.length === 0 || obj.some(isEmptyRestriction)
  if (typeof obj === 'object') {
    // handle `null` as non-empty (i.e. ignore)
    return obj && isEmptyRestriction(obj.to)
  }
  return false
}